Privacy & Credit Reporting Policy

January 2023

The Firstmac Group (including Firstmac Limited, Firstmac Origination Pty Ltd, Firstmac Service Pty Ltd, Firstmac Mortgages Pty Ltd, First Mortgage Company Pty Ltd, Firstmac Asset Finance Pty Ltd and Firstmac Asset Finance (Commercial) Pty Ltd) offers a range of financial products and services and investment products across Australia.

Our Privacy Policy is designed to provide you with general information about how we collect, store, use and disclose your personal information. We understand that the details you provide to us are private and personal.

We will collect, use and disclose your personal information in accordance with the Australian Privacy Act 1988 and all other relevant laws, regulations and codes (Privacy Law) and this Privacy Policy. When you decide to purchase or acquire a product or service from us we may provide you with further information about privacy in the form of a Privacy Statement or other form of privacy disclosure (Privacy Statement).

The Privacy Statement will give you specific information about how we will handle the personal information you have given to us. We may also seek your specific consent in relation to the collection, use or disclosure of your personal information.

What do we mean by 'personal information'?

Personal information means any details about you, from which your identity is apparent or can be uncovered. The kinds of personal information we may collect about you include your name, date of birth, address, account details, occupation and any other information we made need to identify you. We may also collect the ages and number of your dependants and cohabitants, the length of time at your current address, your employment details and proof of earnings and expenses.

"Sensitive information" is a subcategory of personal information which includes information about your health. We may be required to collect sensitive information about your health in certain circumstances. We will only collect sensitive information about you with your consent.

What do we mean by ‘credit information’?

We may collect the following kinds of credit information and exchange this information with credit reporting bodies and other entities:

  • credit liability information about your existing finance
  • repayment history information, which is information about whether you meet your repayments on time;
  • information about the type of finance that you are applying for;
  • financial hardship information (including information that any repayments are affected by a financial hardship arrangement)
  • default information (including overdue payments)
  • payment information; and
  • court proceedings information.

We also use the term ‘credit information’ to refer to credit eligibility information, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.

Why do we collect your personal and credit information?

We collect personal and credit information for the purposes of assessing your application for finance and managing that finance. We may also collect your personal information for the purposes of direct marketing and managing our relationship with you. From time to time we may offer you other products and services.

How do we collect your personal information?

If we can, we collect your personal information from you. You give us your personal information in a number of ways such as completing an application form or other website form, requesting a product or service over the phone or Internet, or by visiting an office in person. We also collect personal information at other times during the course of our relationship with you.

Do we collect your personal information from third parties?

Sometimes we collect your personal information from other sources. Examples of where we may receive personal information about you from another source and why this may happen are:

  • a credit reference about you from a credit reporting body in the course of assessing your application for a loan;
  • your agent, where you have appointed an agent to act on your behalf in dealing with us, such as a broker, legal adviser or other representative such as a friend or family member;
  • publicly available sources of information such as telephone directories;
  • as required or authorised by law, for example to government agencies, or regulatory bodies for purposes related to public health or safety or the prevention or detection of unlawful activities;
  • a third party to whom we have contracted to provide a financial service or product to our customers;
  • any external third parties where you have asked them to provide your personal information to us.

Who do we disclose your personal information to and receive personal information from?

The parties to whom we may disclose your personal information to and receive personal information from will depend on what product or service you receive from us. Some examples of the parties to whom we may disclose your personal information to and receive personal information from are:

  • associated companies to the Firstmac Group, including loans.com.au, carloans.com.au Pty Ltd, YourMortgageBroker Pty Ltd and insurancepoint.com.au Pty Ltd
  • intermediaries, including your agent, adviser, a dealer, a broker, a representative acting on your behalf, other Australian Financial Services Licensee or our authorised representatives, advisers and our agents;
  • to a mortgage insurer to assess the risk of providing mortgage insurance or to assess the risk of default;
  • accounting or finance specialists;
  • government, law enforcement or statutory and regulatory bodies;
  • external dispute resolution service;
  • legal and other professional advisers;
  • trustees, custodians, managers and responsible entities associated with investments, managed funds, and superannuation;
  • where required or authorised under our relationships with our alliance partners;
  • debt collection agencies, your guarantors, organisations involved in valuing, surveying or registering a security property, or which otherwise have an interest in such property, purchasers of debt portfolios; and
  • in connection with funding financial accommodation by means of an arrangement involving securitisation, or any other proposed transfer of or proposed dealing with your loan.

We will not sell, rent or trade your information. We will only disclose your personal information to and receive personal information from these parties for the purposes we have told you in this Privacy Policy and our Privacy Statements and in compliance with the Privacy Law. In the course of operating our business we may disclose your personal information to service providers who assist us in our business. Examples of these types of services and service providers are:

  • information technology, administration and business management services;
  • printers and mail service and delivery providers, imaging and document management services; and
  • manufacturers for plastic card production e.g. debit cards

These service providers provide us with a wide range of back office, administrative and business management services. Where we do disclose your personal information to these service providers we have either entered into contractual arrangements with them to protect your personal information, or they are subject to strict privacy rules and must also comply with our Privacy Policy and the Privacy Law.

Some of the parties with which we exchange your personal information, including our service providers and other third parties listed above, may be located outside Australia in countries including the Philippines, the US, the EU and the UK.

Credit information

If we have provided you with a financial product or service, we exchange your credit information with credit reporting bodies. We use the credit information that we exchange with the credit reporting body to assess your creditworthiness, assess your application for finance and manage your finance.

If you fail to meet your payment obligations in relation to any finance that we have provided or arranged or you have committed a serious credit infringement then we may disclose this information to a credit reporting body.

You have the right to request access to the credit information that we hold about you and make a request for us to correct that credit information if needed. Please see the heading “How do you access and correct your personal information?” below.

Sometimes your credit information will be used by credit reporting bodies for the purposes of pre-screening direct marketing on the request of other credit providers. You can contact the credit reporting body at any time to request that your credit information is not used in this way.

You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud. In Australia, you can ask a CRB not to use or disclose your credit-related personal information for a period of 21 days without your consent if you believe on reasonable grounds that you are, or are likely to be, a victim of fraud, including identity fraud.

The credit reporting body we use is Equifax. You can download a copy of their privacy policy at https://www.equifax.com.au/privacy.

How do we verify your identity electronically?

We may ask you for your consent to verify your identity electronically in order to comply with our obligations under the AML/CTF Act. When you provide us with your consent to verify your identity electronically, we will provide your personal information to Equifax, a credit reporting body, and request that they provide us with an assessment of whether the personal information matches (in whole or part) the personal information held by Equifax. Equifax may prepare and provide a verification assessment to us, and may use the personal information provided by us, and the personal information held by them (including personal information of other individuals) to prepare the verification assessment.

Your personal information will be handled in accordance with the Privacy Law. When making a verification request, your personal information is considered to be “credit information” under the Privacy Act.

How do we keep your personal information accurate and up to date?

It is important that the information we hold is accurate and up to date. In this, we ask that you contact us whenever there are any changes to your personal details, so that we can update our records.

How do you access and correct your personal information?

The information we hold about you is yours to access and correct, and as such we can provide you with general information, such as your name, address and contact details quite easily. More detailed information may take longer and involve a fee to cover the costs of retrieving and supplying the details you want. If you need to access your detailed information, write to us at the contact address below.

If any of the personal or credit information we hold about you is incorrect, inaccurate or out of date you may request that we correct the information. If appropriate we will correct the personal information at the time of the request, otherwise we will provide an initial response to you within seven days of receiving your request. Where reasonable, and after our investigation, we will provide you with details about whether we have corrected the personal or credit information within 30 days.

What will happen if you do not provide your personal information to us?

If we request personal information about you and you do not provide it, we may not be able to provide you with the financial product or service that you request. In addition, if we are required to comply with certain legislation to provide you with the products and services you choose, then collection of certain personal information will be mandatory.

How safe and secure is the information we hold about you?

We take great care with the information we hold about you. Our aim is to ensure that any details are securely protected from misuse, loss, unauthorised access, modification or disclosure. We will take reasonable care to make sure that we keep your information in an accurate, complete and up to date manner. When that information is no longer required to be held by law or needed, it will be permanently destroyed or de-identified.

How secure is your personal information online?

We maintain industry standard technology and procedures in respect to our information management and provision of online services, encryption techniques, virus protection and fire wall settings. If you make a transaction involving the submission of personal information over the Internet to us using one of our online forms then we employ encryption technology to ensure the security of that personal information transmission. User identifiers, passwords or other access codes may also be used to control access to your personal information. Once we have received your personal information, it is stored and protected by a range of security controls, including firewalls, user identification requirements and audit trails.

What are 'cookies' and how do they work?

While browsing our websites, our server may automatically collect navigational data by placing "cookies" in your browser file on your hard drive. Cookies do not capture or track any personal information and cannot identify you as an individual. You may elect to not accept cookies on your browser. We may use third-parties to serve ads on our website. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is recorded on an anonymous basis. Information regarding opting out of interest-based advertising is available at https://optout.networkadvertising.org/?c=1.

If you have a complaint

If you have a complaint about the handling, use or disclosure of your personal information, write to the our Privacy Officer at the contact address below. We will investigate your complaint, and advise you of the outcome as soon as possible. If the matter is not resolved to your satisfaction and you are located in Australia, you can then refer your complaint to the Office of the Australian Information Commissioner, who can be contacted at Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001, website: www.oaic.gov.au.

More information and Contact Address

You can request further information about the way we manage the personal information that we hold, or make a complaint, by writing to:

Privacy Officer
Firstmac Group
GPO Box 7001
Brisbane QLD 4000
or email the Firstmac Privacy Officer at: customerrelations@firstmac.com.au

Does our Privacy Policy change?

We review our policies, statements and procedures to keep up to date with changes in the law, technology and market practice. As a result we may update and change this Privacy Policy from time to time.